
Identification of Tor Anonymous Communication with Cloud Traffic Obfuscation

何永忠 李响 陈美玲 王伟

工程科学与技术 2017, Vol. 49, Issue (2): 121-132, 12. DOI: 10.15961/j.jsuese.201601020

Identification of Tor Anonymous Communication with Cloud Traffic Obfuscation

何永忠 1, 李响 2, 陈美玲 1, 王伟 2

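Author information

  • 1. Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University, Beijing 100044
  • 2. School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044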

Abstract

To solve the problem of distinguishing meek-based Tor anonymous traffic from TLS-based cloud computing service traffic, an identification method for Tor anonymous communication based on traffic feature matching and a classification method for Tor anonymous traffic based on SVM were proposed. First, based on an analysis of the connections, static packets and dynamic traffic of Tor-Meek and non-Tor-Meek traffic captured in a lab environment, seven specific static and dynamic features of Tor-Meek traffic were identified. Then, a traffic feature matching identification method for Tor anonymous communication was proposed, which can be used to quickly detect Tor-Meek traffic; its accuracy rate is over 90% for longer traffic with more than 200 packets. To be robust to upgrades and changes across Tor versions, statistical features of slices of Tor-Meek traffic were analyzed, including the length and count, length variation, length entropy, and sending and receiving sequence of the sliced traffic. 16 statistical features were then identified, based on which an identification and classification method for Tor anonymous traffic using the SVM machine learning algorithm was proposed. Different feature combinations and algorithm parameters were studied experimentally to determine which yield the best accuracy and recall rate of the classification algorithm. It was shown that when the number of packets in one session was above 40 and the length of each slice of one session was 40 packets, the identification accuracy was above 97% and the recall rate was over 99% for the SVM-based method. The experimental results show that while the feature matching method is effective for quick identification, the machine learning method is more accurate and more robust to the changing and upgrading of different versions of Tor browser in identifying anonymous traffic of specific versions of Tor-Meek.

Key words

anonymous communication/Tor/traffic obfuscation/traffic identification

Classification

Information Technology and Safety Science

Cite this article

何永忠, 李响, 陈美玲, 王伟. Identification of Tor Anonymous Communication with Cloud Traffic Obfuscation [J]. 工程科学与技术, 2017, 49(2): 121-132, 12.

Funding

National Natural Science Foundation of China (61402035)

工程科学与技术

Indexing: OA, 北大核心 (Peking University Core Journals), CSCD, CSTPCD

ISSN 2096-3246
